Merge pull request #35968 from sberyozkin/oidc_warn_when_wrong_token_…

…proxy_is_checked Warn when wrong token proxy is accessed
quarkusio · Sep 18, 2023 · 1257780 · 1257780
2 parents f786f4a + 1f36147
commit 1257780
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcJsonWebTokenProducer.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcJsonWebTokenProducer.java
@@ -79,7 +79,9 @@ private JsonWebToken getTokenCredential(Class<? extends TokenCredential> type) {
             return new OidcJwtCallerPrincipal(jwtClaims, credential);
         }
         String tokenType = type == AccessTokenCredential.class ? "access" : "ID";
-        LOG.tracef("Current identity is not associated with an %s token", tokenType);
+        LOG.warnf(
+                "Identity is not associated with an %s token. Access 'JsonWebToken' with '@IdToken' qualifier if ID token is required and 'JsonWebToken' without this qualifier when JWT access token is required. Inject either 'io.quarkus.security.identity.SecurityIdentity' or 'io.quarkus.oidc.UserInfo' if you need to have the same endpoint code working for both authorization code and bearer token authentication flows.",
+                tokenType);
         return new NullJsonWebToken();
     }
 }